This invention relates to key management schemes for cryptographic systems and more particularly to a circuit and method for sharing a key among several individuals.
The protection of data which is used in computer systems has become an important subject. Most efforts to provide data security have consisted of the design of cryptosystems of various types. One of the basic assumptions of a cryptosystem is that authorized users will have possession of a small piece of data called a key which will allow them access to the larger collection of data. Although some very good cryptosystems have been developed, relatively little attention has been given to an associated problem referred to as the key management problem. The essence of the key management problem is that regardless of the quality of the security provided by the cryptosystem used, if the key is compromised then the cryptosystem is compromised. Since keys must be distributed to the authorized users, often across large physical distances, the ultimate security of the cryptosystem is no better than the key management scheme. Suggestions to use a cryptosystem to distribute the key for another cryptosystem change the problem but do not solve it.
One method of improving the security of key management is to distribute a number of keys to different individuals, such that a certain number of the keys must be present in order to reconstruct the original key, which is then used either to provide access to data, to unlock some item, or to start some process. One example of such a system would be in a business where financial transactions require several employees to use their keys at the same time, similar to the requirement for multiple signatures on a check. Another application would be in a voting system where it is desired to allow a majority of the distributed keys to authorize some process. Another application would be in a safe deposit box type of situation where it is desirable to require more than one key to open a lock.
It is an object of this invention to generate secondary keys corresponding to a key such that a certain predetermined number of the secondary keys will allow the reconstruction of the key; however, if one fewer than the predetermined number of secondary keys is present, the key cannot be determined.
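The threshold property stated above can be illustrated with Shamir's polynomial secret sharing, a well-known threshold scheme used here as a stand-in; this is an added example, not the circuit or method of the invention. The prime `P`, the function names and the sample key are assumptions chosen for the illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this example)

def interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points (mod P)."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share indices must be distinct")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def split(key, k, n):
    """Produce n secondary keys (x, y); any k of them determine key."""
    if not (1 <= k <= n and 0 <= key < P):
        raise ValueError("require 1 <= k <= n and 0 <= key < P")
    # Random polynomial of degree k-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Recover the key as the polynomial's value at x = 0."""
    return interpolate(shares, 0)

def completing_share(partial, candidate, x):
    """Given k-1 shares and ANY candidate key, return the k-th share at index x
    that would make reconstruction yield that candidate. Its existence for every
    candidate is why k-1 shares do not narrow down the key."""
    return (x, interpolate([(0, candidate)] + list(partial), x))

if __name__ == "__main__":
    key = secrets.randbelow(P)          # constructed sample key
    shares = split(key, k=3, n=5)
    print(reconstruct(shares[:3]) == key)
    print(reconstruct(shares[:2]) == key)  # two shares alone: a line, not the key
```

With `k=3`, any three of the five secondary keys recover the key, while two of them are consistent with every possible key value, as `completing_share` shows.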